Thursday, 8 August 2019

GTM synchronization group requirements - notes


Summary



A BIG-IP GTM synchronization group is a collection of multiple BIG-IP GTM systems that synchronize BIG-IP GTM configuration settings and metrics information. You must meet several minimum requirements for BIG-IP GTM synchronization group members to communicate and synchronize properly.



Description



For the BIG-IP GTM synchronization group members to properly synchronize their configuration, you must verify that the following requirements are in place:



    * The BIG-IP GTM synchronization group members must be running the same software version

      A BIG-IP GTM device should be running the same software version as other members in the synchronization group; BIG-IP GTM devices running different software versions will not be able to communicate and properly synchronize GTM configuration and zone files. For information about displaying the software version, refer to SOL8759: Displaying the BIG-IP software version.



    * The synchronization parameters must be properly defined on all members

      Synchronization must be enabled and each device must have the same synchronization group name. You can define the synchronization parameters by navigating to System > Configuration > Device > GTM > General.



    * NTP must be configured on each device      Before you can synchronize BIG-IP GTM systems, you must define the Network Time Protocol (NTP) servers for all synchronization group members. Configuring NTP servers ensures that each BIG-IP GTM synchronization group member is referencing the same time when verifying the configuration data that needs to be synchronized. You can configure NTP by navigating to System > Configuration > Device > NTP.



    * Port Lockdown must be set properly for the relevant self IP addresses

      Port lockdown is a security feature that specifies the protocols and services from which a self IP address can accept traffic. F5 recommends using the Allow Default option for self IP addresses that are used for synchronization and other critical redundant pair intercommunications. You can configure port lockdown by navigating to Network > Self IPs.



    * TCP port 4353 must be allowed between devices      BIG-IP GTM synchronization group members use TCP port 4353 to communicate. You must verify that port 4353 is allowed between BIG-IP GTM devices.



    * Compatible big3d versions must be installed on synchronization group members

      The big3d process runs on BIG-IP systems and collects performance information on behalf of the BIG-IP GTM system. For metrics collection to work properly, synchronization group members must run the same version of the big3d process. For more information about verifying big3d version information, refer to SOL13703: Overview of big3d version management.



    * A valid device certificate must be installed on all members

      The device certificate is used by the F5 system to identify itself to a requesting F5 client system. The default device certificate, /config/httpd/conf/ssl.crt/server.crt, must be installed on each sync group member. You can verify the certificate validity by navigating to System > Device Certificates.

more:http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13734.html

No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...